First published: Thu Jun 22 2017(Updated: )
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows Server | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp1 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-0176 is classified as a critical vulnerability due to its ability to allow remote code execution.
To mitigate CVE-2017-0176, apply the required security updates provided by Microsoft.
CVE-2017-0176 affects Microsoft Windows XP through SP3 and Windows Server 2003 through SP2.
Yes, CVE-2017-0176 can be exploited remotely if the target system is in a Windows domain and has Remote Desktop Protocol enabled.
CVE-2017-0176 involves a buffer overflow attack that allows an attacker to execute arbitrary code.